Data Stolen in a Ransomware Attack Is Made Public by Hackers for the First Time

For the first time, data stolen in a Sodinokibi ransomware attack has been made public by the hackers because the victim did not pay the ransom. Sodinokibi ransomware was found on April 17, 2019. It is used by the GOLD SOUTHFIELD threat group, a financially motivated group whose prime motive is to distribute ransomware through exploit kits, software with backdoors, RDP servers and other exploitation techniques. This is the first time the Sodinokibi makers have released a victim's files because the ransom was not paid on time.

A Sodinokibi representative, known as REvil, has publicly declared that they will follow Maze ransomware and publish all of a victim's stolen files if the ransom is not paid. Acting on that promise, the Sodinokibi representative has posted around 337 MB of stolen data on a Russian forum.

The Sodinokibi representative says the data belongs to Artech Information System, which describes itself as a “Minority & Women Owned Diversity Supplier” and the largest staffing company in the US. According to an ethical hacking researcher at the International Institute of Cyber Security, Artech's website is down. The hackers have posted only a small amount of data and said that if they are not paid, they will keep releasing data to third parties, including financial details.

When many security researchers tried to reach Artech with questions about the ransomware attack, the company did not respond. In recent years we have seen many ransomware attacks, and they need to be treated very seriously, as major data breaches.

Thanks to Michael Gillespie and his team members for working on ransomware like Sodinokibi and helping protect the world from ransomware attacks.